Integration node HTTP listener parameters

Select the resources and properties that are associated with the integration node HTTP listener that you want to change.

To change these properties, you must specify the integration node name and -b httplistener.

The httplistener component defines properties for the integration node that are used for all the HTTP and SOAP input and reply nodes that are configured to use the integration node listener.

You must restart the integration node for all changes to be implemented.

-o HTTPListener

The following properties and values are valid:

-n startListener

Set the value to true to make all HTTP nodes in all integration servers use the integration node listener (unless you activated the embedded listener in an integration server by using the mqsichangeproperties command for that integration server). For more information about configuring an integration server so that HTTP nodes can use the embedded listener, see Integration server HTTP listener parameters (SOAP and HTTP nodes).

SOAP nodes use the embedded listener by default, but can be configured to use the integration node listener by using the mqsichangeproperties command. See Switching from an integration node listener to embedded listeners.

If you use an integration node listener, you must specify a default queue manager for the integration node. For more information, see Interaction between IBM App Connect Enterprise and IBM MQ.

Set this value to false to make all HTTP nodes use the listener that is embedded within each integration server.

Value type - Boolean
Initial value -true

-o HTTPConnector

The HTTPConnector is used for inbound (server-side) HTTP communication only. The properties do not apply to outbound traffic that involves request nodes.

The following properties and values are valid:

-n AutoRespondToHTTPHEADRequests

Set the value to true to ensure that the connector returns an HTTP 200 OK response if the request is for a URI that is associated with a message flow. Set the value to false to invoke the message flow if the request is for a URI that is associated with a message flow. If the request is not for a URI that is associated with a message flow, the connector returns an HTTP 404 Not Found response.

Value type - Boolean
Initial value - false

-n ConnBacklog

Set the value to the maximum number of incoming connection requests that can be queued. Requests that are received when this limit is reached are rejected.

Value type - integer
Initial value - 100

-n ContentSecurityPolicy

Set the string to be inserted in the HTTP Content-Security-Policy response header. For more information, see Content-Security-Policy.

Value type - string
Initial value - null

-n CORSAllowCredentials

Set the value to true to permit web browsers to pass credential information (HTTP Cookies and HTTP Authentication) over inbound cross-origin requests.

If set to true, an Access-Control-Allow-Credentials header is added to the response with the value true.

Set the value to false to stop web browsers from passing credential information over inbound cross-origin requests.

Value type - boolean
Initial value - false

-n CORSAllowHeaders

Use this property to control which HTTP headers a web browser is permitted to pass to HTTP services that are hosted by this connector. This value is used only when a preflight cross-origin request is received.

A preflight cross-origin request can include a list of HTTP headers that are used in the actual request as the value of the Access-Control-Request-Headers header.

To permit a preflight cross-origin request, all values in that header must be a case-insensitive match for one of the values that are listed in this property. Set this property to a comma-separated list of permitted HTTP headers.

Value type - string
Initial value - Accept,Accept-Language,Content-Language,Content-Type

-n CORSAllowMethods

Use this property to control the HTTP methods that the web browser is permitted to use when it is accessing HTTP services that are hosted by this connector. This value is used only when a preflight cross-origin request is received.

A preflight cross-origin request includes the HTTP method of the actual request as the value of the Access-Control-Request-Method header. To permit a preflight cross-origin request, the value of that header must be a case-sensitive match for one of the values that are listed in this property.

Set this property to a comma-separated list of permitted HTTP methods.

Value type - string
Initial value - GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS

-n CORSAllowOrigins

Use this property to configure the list of allowed origins for inbound cross-origin requests. An origin is the scheme, host, and port of the URI from which the cross-origin request was initiated. For example, if the cross-origin request was initiated from a web page that is hosted at http://example.com:7800/api/customers, the origin of the cross-origin request is http://example.com:7800

The cross-origin request that is made by the web browser automatically includes the origin as the value of the origin header.

Set the value to asterisk (*) to permit all cross-origin requests, otherwise, set the value to a comma-separated list of permitted origins for cross-origin access. For example, http://www.example.com,https://www.example.com:7843,http://othersite.net:7800

Value type - string
Initial value - *

-n CORSEnabled

Set the value to true to make the connector respond to valid HTTP Cross-Origin Resource Sharing (CORS) requests from a web browser.

Set the value to false to disable all CORS processing.

Value type - boolean
Initial value - false

-n CORSExposeHeaders

Use this property to permit web pages that are running within a web browser to see the value of the specified headers that are returned in the response to a cross-origin request. The following headers are always permitted, regardless of the setting for this value: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, and Pragma.

To permit a web page that is running in a web browser to see other headers in the response, set the value to a comma-separated list of header names. For example, X-Header1,X-Header2,X-Header3

If this value is set to a non-empty list and the inbound cross-origin request is permitted, an Access-Control-Expose-Headers header is added to the response with the value of this property.

If this value is set to an empty list, no Access-Control-Expose-Headers header is added to the response.

Value type - string
Initial value - Content-Type

-n CORSMaxAge

Use this property to permit web browsers to cache the response to a preflight cross-origin request. If this value is set to 0 or a positive integer and the inbound cross-origin request is permitted, an Access-Control-Max-Age header is added to the response that has the value of this property.

The value specifies the maximum time in seconds that the web browser can cache the response to a preflight cross-origin request. A value of 0 stops the web browser from caching the response to a preflight cross-origin request.

If this value is set to -1, an Access-Control-Max-Age header is not added to the response. If the header is not present, depending on the web browser, the web browser might cache the response to a preflight cross-origin request.

Value type - integer
Initial value - -1

-n EnableLookups

Set the value to true to use DNS lookups to return information (such as a fully qualified domain name) and include it with inbound HTTP headers, such as X-Remote-Host. Set the value to false to return the IP address instead.

Value type - Boolean
Initial value - false

-n ListenerAddress

If your server has more than one IP address, set the value to the IP address that is used for listening on port 7080. If this property is not set, port 7080 is used on all IP addresses associated with the server. A maximum of one address can be specified.

Value type - string
Initial value - null

-n ListenerPort

Set the value to the TCP/IP port number on which the connector creates a server socket and awaits incoming connections.

Setting this value disconnects the automatic port-finding capability of the connector; this port is the only one allowed, and the connector fails to start if another program has already used this port.

Value type - integer
Initial value - 7800
Other valid values - any integer in the range 0-65536

-n ListenerThreads

This property specifies the number of threads that are available for the listener to run on. This value determines the maximum number of simultaneous requests that can be handled by the node listener. If this property is set to -1 or 0, the default number of threads is 200.

Value type - integer
Initial value - -1

-n MaxConnections

Set the value to the maximum number of inbound HTTP connections that the listener can accept. The default is -1 (infinite). If MaxConnections limit is reached and a new connection attempt is made, the listener rejects the connection.

Value type - integer
Initial value - -1

-n MaxheaderSize

The maximum size of a header that HTTP supports. The default is 8192. You can increase the value as required. There is no limit.

Value type - integer
Initial value - 8192

-n MaxKeepAliveRequests

Set the value to the maximum number of requests that can use a persistent connection. Set the value to 1 to disable keep-alive requests and force the creation of a new connection for each request.

Value type - integer
Initial value - -1

-n MaxPostSize

Set the value to the maximum POST size (in bytes) that can be processed by the integration node listener. Requests that exceed this limit are rejected with an HTTP 413 Payload Too Large response.

Value type - integer
Initial value - -1

-n ServerName

Set the value that is set in the "Server" header for all HTTP responses that are sent by this server.

Value type - string
Initial value - null

-n TimeoutSweepInterval

Set the time interval (in milliseconds) between successive checks for timed-out messages. The default time interval is 20 milliseconds.

Value type - integer
Initial value - 20

-n XContentTypeOptions

Set to nosniff to include the X-Content-Type- Options response header to opt out of MIME type sniffing. For more information, see X-Content-Type-Options.

Value type - string
Initial value - null

-n XSSProtection

Set to disable, sanitize, or block. For more information, see X-XSS-Protection.

Value type - string
Initial value - null

-o HTTPSConnector

The properties that are listed for the HTTPConnector are also valid for the HTTPSConnector.

The HTTPSConnector settings apply only to inbound (server-side) HTTPS communication on the listener. The properties do not apply to outbound traffic that involves request nodes. To set SSL properties for outbound communication, you must configure either the ComIbmJVMManager object or the BrokerRegistry object.

The following additional properties and values are valid for the HTTPSConnector:

-n CipherSpec

Set the value to a list of the encryption ciphers that can be used. If no value is set, any available cipher is used. The client sends a list of ciphers in priority order, and the server selects the first acceptable cipher in the list. If none of the ciphers in the list are suitable, the server returns a handshake failure alert and closes the connection.

For more information about the OpenSSL cipher spec, see https://www.openssl.org/docs/man1.1.0/man1/ciphers.html.

Value type - comma-separated list
Initial value - null

-n EnableTLSTrace

Set this property to enable tracing of TLS handshake messages to the console. By default this property is set to false.

Value type - Boolean
Initial value - false

-n KeyAlias

Set the value to the alias that is given to the server certificate in the keystore. By default, the first key in the keystore is used.

Value type - string
Initial value - null

-n KeyPassword

Set the value to the password that is used to access the server certificate in the keystore file. The value can either be a plaintext password or, if the value is prefixed with "brokerKeystore::KeyPassword", the password is the named value that is configured by the mqsisetdbparms command.

Value type - string
Initial value - null

-n KeystoreFile

Set the value to the path and file name of the keystore file where the server certificate is stored.

Value type - string
Initial value - platform default

-n KeystorePassword

Set the value to the password that is used to access the server certificate in the keystore file. The value can either be a plaintext password or if the value is prefixed with "brokerKeystore::", the password is the named value that is configured by the mqsisetdbparms command.

Value type - string
Initial value - null

-n KeystoreType

Set the value to the type of keystore file used.

Value type - string
Initial value - JKS

-n ReqClientAuth

Set the value to true if a valid SSL certificate must be received from the client before a connection can be accepted.

Value type - Boolean
Initial value - false

-n RejectUnauthorizedClient

Set the value to false if you want to allow connections from clients that do not provide client certificates.

This property is applicable only when the ReqClientAuth property is set to true.

Value type - Boolean
Initial value - true

-n StrictTransportSecurity

Set this property to use a Strict-Transport-Security header for connections. For more information, see Strict-Transport-Security.

Value type - string
Initial value - null

-n TLSCertVerifyDepth

Use this value to specify the maximum number of certificates that can be in a certificate chain to pass verification. If a certificate chain has more certificates than specified by this limit, verification fails. The default number of permitted certificates is 100.

Value type - integer
Initial value - 100

-n TLSContextTimeout

Use this value to specify the length of time after which a new session times out. The default timeout is 300 seconds.

Value type - integer
Initial value - 300

-n TLSProtocols

Use this value to specify which versions of the TLS protocols are enabled. The TLSProtocols property can take a value of all, none, or a comma-separated list of the strings TLSv1.2 and TLSv1.3. The only supported versions of the TLS protocol are 1.2 and 1.3. The values are not case-sensitive. The default value is all.

If TLSProtocols is set to all, both versions are enabled.

If TLSProtocols is set to a comma-separated list of the strings TLSv1.2 and TLSv1.3, then both versions are enabled. The versions can be listed in any order.

If TLSProtocols is set to none, all TLS versions are disabled, and the listener becomes unusable.

Value type - string
Initial value - all

-n TruststoreFile

Set the value to the path and file name of the truststore file.

Value type - string
Initial value - platform default

-n TruststorePassword

Set the value to the password used to access the truststore file. The value can either be a plaintext password or if the value is prefixed with "brokerTruststore::", the password is the named value that is configured by the mqsisetdbparms command.

Value type - string
Initial value - null

-n TruststoreType

Set the value to the type of truststore file used.

Value type - string
Initial value - JKS

See the mqsichangeproperties command for examples of how to change parameters for the httplistener component.